MQL5-Google-Onedrive/scripts/test_web_dashboard_security.py

import unittest
from unittest.mock import patch
import sys
import os

# Add scripts directory to path so we can import web_dashboard
sys.path.append(os.path.dirname(os.path.abspath(__file__)))

from web_dashboard import app

class TestWebDashboardSecurity(unittest.TestCase):
    def setUp(self):
        self.app = app.test_client()
        self.app.testing = True

    @patch('web_dashboard.get_cached_markdown')
    def test_dashboard_exception_leakage(self, mock_get_markdown):
        """Test that exceptions do not leak internal details."""
        # Force an exception with sensitive details
        mock_get_markdown.side_effect = Exception("Sensitive Database Error Details")

        response = self.app.get('/')

        # We expect a 500 status code
        self.assertEqual(response.status_code, 500)

        # We explicitly assert that the sensitive details are NOT in the response
        # Currently, this will fail because the app returns f"Error: {str(e)}"
        self.assertNotIn(b"Sensitive Database Error Details", response.data)

        # Ideally, it should return a generic error message
        self.assertIn(b"Internal Server Error", response.data)

if __name__ == '__main__':
    unittest.main()
Shield: Prevent information leakage in dashboard errors - Modified `scripts/web_dashboard.py` to catch exceptions in the dashboard route, log them to `sys.stderr`, and return a generic "Internal Server Error" message to the client. - Added `scripts/test_web_dashboard_security.py` to verify that sensitive exception details are not exposed in HTTP responses. - Verified that existing tests in `scripts/test_web_dashboard.py` still pass. 2026-02-19 11:37:54 +00:00			`import unittest`
			`from unittest.mock import patch`
			`import sys`
			`import os`

			`# Add scripts directory to path so we can import web_dashboard`
			`sys.path.append(os.path.dirname(os.path.abspath(__file__)))`

			`from web_dashboard import app`

			`class TestWebDashboardSecurity(unittest.TestCase):`
			`def setUp(self):`
			`self.app = app.test_client()`
			`self.app.testing = True`

			`@patch('web_dashboard.get_cached_markdown')`
			`def test_dashboard_exception_leakage(self, mock_get_markdown):`
			`"""Test that exceptions do not leak internal details."""`
			`# Force an exception with sensitive details`
			`mock_get_markdown.side_effect = Exception("Sensitive Database Error Details")`

			`response = self.app.get('/')`

			`# We expect a 500 status code`
			`self.assertEqual(response.status_code, 500)`

			`# We explicitly assert that the sensitive details are NOT in the response`
			`# Currently, this will fail because the app returns f"Error: {str(e)}"`
			`self.assertNotIn(b"Sensitive Database Error Details", response.data)`

			`# Ideally, it should return a generic error message`
			`self.assertIn(b"Internal Server Error", response.data)`

			`if __name__ == '__main__':`
			`unittest.main()`